From 7a3427e4229d5e99436cc6dafe5668e99be41c4d Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Fri, 7 Aug 2020 17:29:52 +0000 Subject: [PATCH] daemon: Log when we validate that FIPS is on I was surprised we weren't logging anything related to this when I went to double-check the node state while working on https://github.com/openshift/origin/pull/25362 --- pkg/daemon/update.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkg/daemon/update.go b/pkg/daemon/update.go index 3726466b1f..b3c0f585f6 100644 --- a/pkg/daemon/update.go +++ b/pkg/daemon/update.go @@ -629,11 +629,14 @@ func checkFIPS(current, desired *mcfgv1.MachineConfig) error { return errors.Wrapf(err, "Error parsing FIPS file at %s", fipsFile) } if desired.Spec.FIPS == nodeFIPS { + if desired.Spec.FIPS { + glog.Infof("FIPS is configured and enabled") + } // Check if FIPS on the system is at the desired setting current.Spec.FIPS = nodeFIPS return nil } - return errors.New("detected change to FIPS flag. Refusing to modify FIPS on a running cluster") + return errors.New("detected change to FIPS flag; refusing to modify FIPS on a running cluster") } // checks for white-space characters in "C" and "POSIX" locales.